In recent years, individuals and organizations have become increasingly concerned with protecting their networks and computing resources from malicious attacks. Malicious attacks on network and computing resources often vary widely in their degree of sophistication and/or complexity. For example, rudimentary or unsophisticated attacks may rely on exploits or attacks that are not especially complex, intelligent, or sophisticated. Advanced Persistent Threats (APTs), in contrast, often utilize relatively intelligent or sophisticated exploits or attacks that persist over an extended period of time.
While rudimentary or unsophisticated attacks may be relatively easy to identify or detect, system administrators often have trouble identifying or detecting APTs, since the behavior of these attacks often appears similar to the behavior of legitimate, non-malicious users. For example, APTs may use the same or similar commands and applications that legitimate, non-malicious users use to manage systems, in an attempt to mask their illegitimate traffic and/or behavior, potentially frustrating the efforts of system administrators to distinguish between the two.
Accordingly, the instant disclosure identifies a need for systems and methods capable of more accurately identifying security threats, especially systems and methods capable of more accurately distinguishing between the behavior of APTs and the innocuous behavior of legitimate non-malicious users.